More details surrounding the major FaceTime eavesdropping bug that 9to5Mac exclusively reported on yesterday are emerging. A woman has claimed that her teenage son discovered the flaw and warned Apple about it last week. Now a video has surfaced as evidence for the teenager’s discovery dated January 23rd.
If you’re still getting caught up on this FaceTime security flaw, here’s what’s happened:
A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”.
There was also a vulnerability where users could eavesdrop on video as well. While Apple works on a patch, it has taken Group FaceTime offline for the time being. You can follow along with our guide for how to turn off FaceTime as well.
Last evening, the mother of the teenager claimed that her son previously discovered the bug and reported it to Apple Support and didn’t hear anything back. She shared an email conversation with what looks like a member of Apple’s Product Security division on January 22nd following emails to Apple Support.
She claims that it was one of “many emails” sent to Apple about the flaw.
One of many emails sent to Apple 1 week ago attempting to report the Group FaceTime bug. @cnbc @cnn @foxnews @9to5mac pic.twitter.com/l9IFMZmKh6
— Michele Thompson ☀️ (@MicheleT_inAZ) January 29, 2019
The teenager and mother then sent a video demonstrating the bug to Apple on the 23rd. Now, John Meyer has shared a video on Twitter as evidence to support the mother’s claim. The unlisted YouTube video looks to have been uploaded on January 23rd, and shows how the FaceTime flaw works.
https://twitter.com/BEASTMODE/status/1090298850764644352
If these claims turn out to be true, this would certainly highlight the need for Apple to overhaul how it handles such tips to better align with its focus on privacy.
Update: Apple Support apparently asked the mother to create a developer account to submit a Radar report for the bug, which she did on January 25th.
https://twitter.com/BEASTMODE/status/1090314332225843201
Check out 9to5Mac on YouTube for more Apple news:
FTC: We use income earning auto affiliate links. More.
Comments